This work was submitted as a B.Sc. thesis in Economics at the University of Verona in November 2013. It is an introduction to and review of Information Security Economics. Here you can currently find the introduction and the summary. At the moment the full document is only available in Italian. The English translation is in the works though…
Introduction
Data and information have become fundamental to the machinery of contemporary societies, so much so that calling ours the “Information society” has become a cliché. Information networks are among the most important enabling factors of the global economy and of globalisation itself. Information Security, however, has traditionally been considered a strictly technical discipline, part of Computer Science and Engineering, and has been managed within organisations by strictly technical personnel.
Since the 1990s, it has become more and more obvious that narrow technological approaches to the problem were not enough. It was not possible to achieve adequate levels of security, nor to explain theoretically many phenomena observed in the real world. Tools and concepts originating in other disciplines were brought to bear on Infosec problems, and these interdisciplinary efforts bore fruit. Economic concepts in particular were able to explain a lot: modern information infrastructures, the Internet among them, are distributed, complex socio-technical systems. The assets that form them are owned by a plurality of stakeholders, often with diverging goals and utility expectations. Economics is ideally suited to study such systems.
The economic concept of incentives, for instance, is useful in explaining why a network or piece of software is in practice not secure enough, even though the technical solutions for securing it are in many cases well known and understood. Moreover, these tools are also useful in a prescriptive way, to forge policies that, through the realignment of incentives, could raise security levels.
The common perception of the immateriality of the “cloud” and cyberspace is very far from reality. Networks are very physical and built with scarce resources: once again, economics as a field has the most appropriate tools to study such a situation and to allocate those resources efficiently.
Summary
I – Introduction
II – History and current fields of work
III – Software vulnerability economics
IV – Network and Internet security
V – Privacy economics
VI – Cybercrime
VII – Conclusions
VIII – Online resources
IX – Bibliography